openEHR REST APIs

• subjectId (optional): id of the subject in the external system
• subjectNamespace (optional): namespace of the subject id in the external system
• committer
• audit change type
• commit audit description
  
  

HF: How do subjectId and subjectNamespace manifest themselves in the EHR model/resource?

HF: We should allow EHR_STATUS and EHR_ACCESS objects so it is not necessary to make additional requests resulting in multiple contributions

BL: Good idea.

HF: We need audit details for the contribution

HF: What is returned in the response?

BL: At the moment only:

{
  "meta": {
    "href": "http://localhost:8082/rest/v1/ehr/f77f9b4a-cfda-414d-aa6c-4f78bcac7601"
  },
  "action": "CREATE",
  "ehrId": "f77f9b4a-cfda-414d-aa6c-4f78bcac7601"
}

HF: What is the purpose of meta and action? Shouldn't we use HTTP headers for these?

HF: Why have we change the URL to /ehrs? The resource is an EHR.

TB: this isn't possible (well not by an external REST access - it would be an internal admin operation); all you can do is mark an EHR as inactive, which would be a POST (I think) to /ehr/{ehr_id}/ehr_status/other_details/is_active or similar. But even this operation, if it succeeds, is serious - it makes it look like an EHR is deleted, so it's probably not appropriate via any externally visible REST interface.

SI: In some countries the patient/client is owner of the data and it has the right (by the law) to ask for a complete (total) removal of all his data, which is more than just an inactive flag.

TB: that's true, but doing the delete would require some documentation and/or special permission. I still doubt very much that this could ever be done through a visible REST interface, unless all the proof parameters were provided, and I think these would be too variable to standardise.

DB: I agree with SI, this can be a requirement. The authentication/permission is a completely different issue. You could argue that the same kind documentation or special permission would be needed for creating a new composition.

BL: I would leave this out of the REST API for the moment. If this is a requirement somewhere it can be performed by other means (special admin interface to the system or similar).

DB: I won't leave this out, delete has a clear use case (i.e. opt-out from clinical research)

ES: Seems like delete EHR is needed in some cases, so it should be system configurable, we just need to agree on what HTTP status codes/messages to return for different cases.

• committer
• audit change type
• commit audit description

HF: Can we create using this also?

BL: Do we need to - would it not be better to create a default status and access when creating EHR (or use the provided ones in the EHR create call body).

HF: If that is our suggested approach then fine, but this needs to be specified.

HF: We need audit details for the contribution

HF: We should provide precedingVersionUid or something to support optimistic locking

BL: Added versionUid.

  HF: Is version uid the new version UID or preceding version uid? The proposed URL would suggest we are posting to this version, not replacing it.

HF: I think preceding version uid should be represented as a HTTP If-Match header rather than in the URL. This keeps urls simple and clean.

HF: What is returned in the response?

BL: What would you have in response?

HF: I would suggest we just need HTTP status and headers Content-Location (version specific URL, although we don't have one) and ETag (new version uid)

HF: FHIR uses the HTTP Prefer header to allow the client to specify return minimal or representation. The latter would return the new version of the resource. The server can decide how it responds if it is not specified.

TB

HF: Do we really want to provide this level of updates, it may result in many contributions when multiple attributes need to be updated

• committer
• audit change type
• commit audit description

HF: Can we create using this also?

HF: We need audit details for the contribution

HF: We should provide precedingVersionUid or something to support optimistic locking

HF: What is returned in the response?

TB

HF: Do we really want to provide this level of updates, it may result in many contributions when multiple attributes need to be updated

HF: We need audit details for contribution

HF: We should provide precedingVersionUid or something to support optimistic locking

HF: What is returned in the response?

SI

/compositions

/ehrs/{ehrId}/compositions

• ehrId
• committer
• audit change type
• version lifecycle state
• commit audit description

Create a new composition

HF: If we use the second URL we don't need to specify ehrId as parameter

HF: should use the RM term of commit audit description rather than commit comment

HF: audit parameters should be group under commit audit parameter

HF: What is returned in the response?

BL: response is very simple:

{
  "meta": {
    "href": "http://example.domain.com:8082/rest/v1/composition/bddcedc8-46cc-4df6-8b1a-b05534235f17::example.domain.com::1"
  },
  "action": "CREATE",
  "compositionUid": "bddcedc8-46cc-4df6-8b1a-b05534235f17::example.domain.com::1"
}

/compositions/{compositionId}
/ehrs/{ehrId}/compositions/{compositionId}

Do we return a VERSION or a COMPOSITION here?

HF: I would prefer VERSION

BL: I would prefer a different resource returning versions

HF: Perhaps that is the difference between /composition/{compositionId} and /ehr{ehrId}/compositions/{compositionId}, or are you suggesting something like /version/{uid}?

HF: is compositionId the version UID or object ID?

BL: we could have both - one returns exact version specified, the other latest one?

HF: Should be able to request version by uid, point in time or at specified contribution?

BL: Good idea - can you suggest parameters?

HF: We use the idea of versionTime, which may be symbolic such as LATEST_TRUNK_VERSION, contribution uid or timestamp

/compositions/{compositionId}/version
/ehrs/{ehrId}/compositions/{compositionId}/version 

BL

HF: I would prefer the reverse approach to align with RM
E.g. /compositions/{compositionId}/data

HF: is compositionId the version UID or object ID?

/compositions/{compositionId}

/ehrs/{ehrId}/compositions/{compositionId}

• committer
• audit change type
• version lifecycle state
• commit comment

HF: is compositionId the version UID or object ID? If version UID then it should be PUT. Having said that, FHIR uses PUT for update using an object ID.

BL: I think it should be version uid as it then also gives us optimistic locking

HF: We should provide precedingVersionUid or something to support optimistic locking, this could be done using the HTTP If-Match header

HF: What is returned in the response?

/compositions/{compositionId}

/ehrs/{ehrId}/compositions/{compositionId}

• committer
• audit change type
• commit comment

HF: is compositionId the version UID or object ID?

BL: I think it should be version uid as it then also gives us optimistic locking

GET

POST

/query

GET has a max limit on the query length that will be too short for some queries. (Also if using GET make sure that the server sends proper caching headers.) Should we allow both POST and GET?

Added post for querying to allow loooong queries

HF: I think we should support POST only

(see http://www.biomedcentral.com/1472-6947/13/57) By default the query-id could be a SHA hash of the query itself (that way repeated identical queries do not need to be re-parsed/stored)

If the http-server-log is used as the main source for audit-logging, then the query needs to be stored somewhere since the content of POST is usually not logged in http-logs (The stored query could be inspected using GET q/{query-language}/{query-id}/info/ ). Storing a query (could be an ad-hoc query) for logging purposes does not mean that it needs to be converted to a stored procedure in the database. Manual or automatic routines can be used for deciding when recurring queries (same hash) should be optimized/stored.

If we want to support different query languages (or query language versions) we might want urls on the form q/{QUERY_LANGUAGE}/ (examples: /q/AQL/, /q/AQL2/, /q/AQLinXQuery/)

HF: Is this an specification alternative to the above or will both be included in the specification?

HF: Although I like the idea of the redirect approach, I have some reservation about how javascript clients will react to these redirections

HF: Should AQL be assumed in a shortform of this?

q/{query-language}/{query-id}

Discussion:  Do we want to allow the possibility to (optionally?) split URIs for single- and multi-patient queries like this (including EHR ID in the URI)? Single-patient queries may have simpler requirements regarding security and may be more efficiently implemented in certain distributed environments. See http://www.biomedcentral.com/1472-6947/13/57

HF: I think this is useful to indicate single-ehr queries from multi-ehr queries. This should also be specified in the original query POST.

/contributions

This call might also be under /composition resource.

HF: Although the RM doesn't explicitly state this, I think contributions should be related to an EHR. E.g. /ehr/{ehrId}/contributions

HF: Where multi-ehr contributions are required, we may consider a transaction mechansim

HF: The contribution resource should align more with the RM such as using a cut down representation of the ORIGINAL_VERSION including attributes such as lifecycle_state, preceding_version_id, change_type, data.

BL: Even in the current call - where multiple EHRs are concerned contributions should be created for each EHR separately - but the whole operation should still be transactional - so all or nothing. I do agree it would also be nice to have a call with /ehr/{ehrId}/ prefix. Perhaps the name contribution is not right although I hardly imagine somebody would want to POST contributions.

HF: /contributions makes sense in the context of /ehr/{ehrId}/contributions. If there remains a stand alone CONTRIBUTION resource then /contribution would still make sense.